ipchains

ipchains is Linux's answer to a firewall. There are a lot of neat tricks you can perform with ipchains, and you can search for those tricks on Google. The module itself is fairly easy to use once you get the hang of it. I hope you can stay with me on this, as it can sound a bit overtechnical. Please be careful, as you can easily lock yourself out of your own box!

ipchains actually refers to three separate chains. A typical ipchains command consists of several parts. First, it carries one of three commands:

-F flushes a chain

-P sets the handling for a chain

-A adds a new rule to the chain

To set up a chain, you might use:

# ipchains -F input
# ipchains -A input -j REJECT

Together, these commands act as a blanket rule that essentially halts all incoming traffic. The first command flushes the input chain, and the second command adds a new rule to the input chain that rejects all traffic.

You could do this if you were completely disconnected from a network, but most of the world is not. Almost every desktop or server Linux box in the world connects to a network or the internet, so it's not realistic to use such a blanket command.

There are plenty of other options to set up a more intelligent filtering system. Suppose that your Linux box is a development server accessible only on the local LAN. The IP of its network device is 192.168.25.4, with a netmask of 255.255.255.0.

Note that on Linux you can determine the source machine's network IP through ifconfig, or on Windows using ipconfig at the command prompt. The rest of the network is on the 192.168.x.x private block as well.

# No one can connect via anything except loopback localhost
ALL : ALL EXCEPT 127.0.0.1:DENY

Intrusion Detection

You may want to consider using a package like Tripwire to detect intrusions. It doesn't come with Red Hat 9, but you can get the source and compile it yourself. It creates and compares the hashes of critical files to determine whether any changes have been made.

An effective hacker won't just break into your system. He will also create a back door for himself so that he can gain access at other times. Most of the time, these back doors are in exploited files, and this is one way you can protect against this occurrence.

Summary

There are many other tricks and tips available to the security-conscious system administrator. The key to being effective is to always be on your toes and ready to think outside the box. There's generally more than one way to skin a cat, and hackers are consistently inventing or discovering new means.

Please don't read this article and think this is the last word in system security. These tips merely scratch the surface. Happy guarding!

Aaron Brazell is an author and blogger from Baltimore, Maryland, and is the primary system administrator for b5media, a network of more than 100 blogs.